Re: Re: MS not telling enough - ethics

[Jeremy Bishop <requiem () praetor org>]

On Thursday 18 August 2005 11:31, DAN MORRILL wrote:

> community at large. So who's ethics do we apply, if I was to follow
> the CISSP code of ethics, in that consorting with non-professionals,
> would mean that I could not teach information security in college
> (which I do), nor could I teach what I know to developers or
> programmers or others who are not information security professionals
> (which I do) to help them develop better products. One of the reaons
> why I don't have a CISSP is because of that clause in the code of
> ethics, I would violate it right and left everytime I got in front of
> a classroom.

Read over the Code again.  The only mandatory parts are the four canons, 
and it is stated later that the canons are not equal (similar to the 
Three Laws of robotics).  It also states: Compliance with the guidance 
is neither necessary nor sufficient for ethical conduct.

Given the Code as currently presented on the isc2.org site, I see 
nothing 'unethical' about teaching others.  In fact, to treat the 
non-consort clause as banning the activities you mentioned above would 
ignore the precedence rules given for the canons, and could be 
considered, in some small way, as going against the first and second 
canons.

On a side note, the ordering of the first and second canons seems to 
suggest a sanctioning of... how best to say this... "chaotic good" 
behaviors in appropriate situations.  Would a CISSP care to comment on 
this?

-- 
The Write Many, Read Never drive.  For those people that don't know
their system has a /dev/null already.
              -- Rik Steenwinkel, singing the praises of 8mm Exabytes
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/